How to manage EAPs at different sites across Internet using EAP Controller (via VPN Tunnel with DHCP Option138)?

As shown below, HQ and Branch Office are connected with each other through IPSec VPN tunnel. In HQ, there are TP-Link EAP controller, EAP1 and TL-ER6120 (VPN Router) in subnet 192.168.1.0/24. In branch office, there are EAP2, layer 3 switch T2600G-28TS as DHCP Server (supporting DHCP option138) and TL-ER6120 (VPN router) in subnet 192.168.0.0/24.

This document will introduce how to manage EAPs at different sites across Internet using TP-LINK EAP controller (via VPN Tunnel with DHCP option138). About how to choose VPN Router and set up site to site IPSec VPN tunnel, please refer to: Setting up Site-to-Site IPsec VPN on TP-Link Router

1.2 Enable DHCP Server Function on T2600G-28TS, and set DHCP Option138 as the IP address of Remote EAP Controller Host (192.168.1.253). And then the DHCP Server will tell the EAPs will the EAP Controller is, so that the EAP Controller and EAPs can communicate with each other among different subnets

Step3. VPN settings on TL-ER6120 in HQ are similar with “Step2”. Here we don’t describe them in detail any more. After all settings, the VPN tunnel will be established between HQ and Branch Office shown as below.

Step4. Run EAP Controller. The EAP will appear in EAP controller’s “pending” list, which means you can use EAP controller to adopt and manage this EAP now shown as below.